src: xml: add versioning
authorArturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Mon, 3 Jun 2013 05:58:38 +0000 (05:58 +0000)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 6 Jun 2013 10:16:30 +0000 (12:16 +0200)
Add version to XML chunks in case of future changes.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/chain.c
src/internal.h
src/rule.c
src/table.c

index 4146e6ab88e6472fcf8d282bbfe01cb280e6ffc6..093e3eae1915a933fa371abfde3ed53e5fc67d38 100644 (file)
@@ -14,6 +14,7 @@
 #include <endian.h>
 #include <stdint.h>
 #include <stdlib.h>
+#include <limits.h>
 #include <string.h>
 #include <netinet/in.h>
 #include <errno.h>
@@ -469,6 +470,17 @@ static int nft_chain_xml_parse(struct nft_chain *c, char *xml)
        if (tree == NULL)
                return -1;
 
+       /* Validate version */
+       if (mxmlElementGetAttr(tree, "version") == NULL) {
+               mxmlDelete(tree);
+               return -1;
+       }
+       tmp = strtoll(mxmlElementGetAttr(tree, "version"), &endptr, 10);
+       if (tmp == LLONG_MAX || *endptr || tmp != NFT_CHAIN_XML_VERSION) {
+               mxmlDelete(tree);
+               return -1;
+       }
+
        /* Get and set <chain name="xxx" ... >*/
        if (mxmlElementGetAttr(tree, "name") == NULL) {
                mxmlDelete(tree);
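Review bot: An empty `version=""` attribute passes this check as version 0, assuming mxml hands back an empty string for it: strtoll() converts nothing, returns 0 and leaves `endptr` at the start of the string, so `*endptr` is NUL and `tmp` equals `NFT_CHAIN_XML_VERSION`. Keep the attribute in a local, `const char *ver = mxmlElementGetAttr(tree, "version");`, and test `if (endptr == ver || *endptr || tmp != NFT_CHAIN_XML_VERSION)`. The `tmp == LLONG_MAX` term is redundant next to the equality test, and it never covered LLONG_MIN or `errno == ERANGE`. The same check is repeated in the nft_rule_xml_parse and nft_table_xml_parse hunks and needs the same change. The declaration of `tmp` and the rest of the function body lie outside this hunk; if `tmp` is `uint64_t` as in table.c, a signed local like the `stmp` added there would match strtoll()'s return type.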
@@ -643,7 +655,7 @@ static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
 {
        return snprintf(buf, size,
                "<chain name=\"%s\" handle=\"%lu\""
-                       " bytes=\"%lu\" packets=\"%lu\">"
+                       " bytes=\"%lu\" packets=\"%lu\" version=\"%d\">"
                        "<properties>"
                                "<type>%s</type>"
                                "<table>%s</table>"
@@ -655,8 +667,8 @@ static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
                        "</properties>"
                "</chain>",
                        c->name, c->handle, c->bytes, c->packets,
-                       c->type, c->table, c->prio, c->use, c->hooknum,
-                       c->policy, c->family);
+                       NFT_CHAIN_XML_VERSION, c->type, c->table,
+                       c->prio, c->use, c->hooknum, c->policy, c->family);
 }
 
 static int nft_chain_snprintf_default(char *buf, size_t size, struct nft_chain *c)
index b3c3642e10f03fdd41e278d3348b8f4b3c1daae9..3ad5e89e68e28e1e61214cf171665c73f6092875 100644 (file)
 #include <mxml.h>
 #endif
 
+#define NFT_TABLE_XML_VERSION 0
+#define NFT_CHAIN_XML_VERSION 0
+#define NFT_RULE_XML_VERSION 0
+
 struct expr_ops;
 
 struct nft_rule_expr {
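Review bot: The three version macros carry no comment saying what a bump means. The parsers added in this commit compare against them with strict equality, so changing a value makes every previously written XML dump unparseable. A comment above the defines would record that contract, e.g. `/* XML format versions; the *_xml_parse() functions reject any other value, so bump only on incompatible layout changes */`.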
index 94eba44f20445ef3ed921b1488f6abfbb99af157..698bf89bd7d4c338f5f2ae7ecb2250cdcac727d9 100644 (file)
@@ -14,6 +14,7 @@
 #include <endian.h>
 #include <stdint.h>
 #include <stdlib.h>
+#include <limits.h>
 #include <string.h>
 #include <netinet/in.h>
 #include <errno.h>
@@ -454,6 +455,17 @@ static int nft_rule_xml_parse(struct nft_rule *r, char *xml)
        if (tree == NULL)
                return -1;
 
+       /* validate XML version <rule ... version=X ... > */
+       if (mxmlElementGetAttr(tree, "version") == NULL) {
+               mxmlDelete(tree);
+               return -1;
+       }
+       tmp = strtoll(mxmlElementGetAttr(tree, "version"), &endptr, 10);
+       if (tmp == LLONG_MAX || *endptr || tmp != NFT_RULE_XML_VERSION) {
+               mxmlDelete(tree);
+               return -1;
+       }
+
        /* get and set <rule ... family=X ... > */
        if (mxmlElementGetAttr(tree, "family") == NULL) {
                mxmlDelete(tree);
@@ -630,9 +642,10 @@ static int nft_rule_snprintf_xml(char *buf, size_t size, struct nft_rule *r,
 
        ret = snprintf(buf, size,
                "<rule family=\"%u\" table=\"%s\" "
-                       "chain=\"%s\" handle=\"%llu\"> ",
+                       "chain=\"%s\" handle=\"%llu\" version=\"%d\"> ",
                                r->family, r->table, r->chain,
-                               (unsigned long long)r->handle);
+                               (unsigned long long)r->handle,
+                               NFT_RULE_XML_VERSION);
        SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
        ret = snprintf(buf+offset, len, "<rule_flags>%u</rule_flags>"
index 70f482dbe6fd407387d2abaf338eb3a67c73780a..a868da46db4b5305da65a7d7f25e520014546b6a 100644 (file)
@@ -203,6 +203,7 @@ static int nft_table_xml_parse(struct nft_table *t, char *xml)
        mxml_node_t *node = NULL;
        char *endptr = NULL;
        uint64_t tmp;
+       int64_t stmp;
 
        /* NOTE: all XML nodes are mandatory */
 
@@ -211,6 +212,18 @@ static int nft_table_xml_parse(struct nft_table *t, char *xml)
        if (tree == NULL)
                return -1;
 
+       /* Check the version of the XML */
+       if (mxmlElementGetAttr(tree, "version") == NULL) {
+               mxmlDelete(tree);
+               return -1;
+       }
+
+       stmp = strtoll(mxmlElementGetAttr(tree, "version"), &endptr, 10);
+       if (stmp == LLONG_MAX || *endptr || stmp != NFT_TABLE_XML_VERSION) {
+               mxmlDelete(tree);
+               return -1;
+       }
+
        /* Get and set the name of the table */
        if (mxmlElementGetAttr(tree, "name") == NULL) {
                mxmlDelete(tree);
@@ -290,13 +303,14 @@ EXPORT_SYMBOL(nft_table_parse);
 static int nft_table_snprintf_xml(char *buf, size_t size, struct nft_table *t)
 {
        return snprintf(buf, size,
-                       "<table name=\"%s\">"
+                       "<table name=\"%s\" version=\"%d\">"
                                "<properties>"
                                        "<family>%u</family>"
                                        "<table_flags>%d</table_flags>"
                                "</properties>"
                        "</table>" ,
-                       t->name, t->family, t->table_flags);
+                       t->name, NFT_TABLE_XML_VERSION,
+                       t->family, t->table_flags);
 }
 
 static int nft_table_snprintf_default(char *buf, size_t size, struct nft_table *t)